The personal and telephone data of all customers of ho.mobile, Vodafone's virtual operator brand, some 2.5 million people, have reportedly ended up for sale on the Dark Web.
The news was broken last night on Twitter by Bank Security, which reportedly managed to obtain a small sample of the information to prove its authenticity. Vodafone reports that it has no evidence of an attack and is investigating in any case.
The theft, if confirmed, would be the result of a cyber attack that led to a data leak.
What do we know about the alleged hacker attack on ho.mobile?
From what has been leaked so far, it appears that the personal and telephone data of ho.mobile users would have been extracted by exploiting a vulnerability in the operator’s web platform or application.
A Threat Actor is selling a database of Italian mobile service provider ho. (https://t.co/N5IYO88bja) owned by @VodafoneIT 🇮🇹.
The dump allegedly includes 2,500,000 PII data, phone numbers and ICCID of customers that can be exploited for SIM swapping attacks on empty bank accounts. pic.twitter.com/yR193Mt3CS
– Bank security (@Bank_Security) December 28, 2020
Within the database (a complete list of the types of information potentially exposed is available at this address) there would be different types of information, including: users' first and last names, date of birth, city of residence, the ICCID (Integrated Circuit Card Identifier) of the SIM and telephone number.
There appear to be no passwords of any kind, but there are some email addresses.
“It must be said that the leak, again according to information published anonymously online, would have been on sale since December 22, 2020, and it is not known how long it has actually been in circulation, so it is not known whether the data it contains has been used before,” explains IT forensic consultant Paolo Dal Checco. “In any case, even listening to those working in the field, there is no news of an increase in SIM swap attacks for the operator in question. We are awaiting confirmation both from the operator, which rightly will have to inform the Privacy Guarantor and the interested parties, and from any other online posting on Pastebin or Twitter that may confirm or deny this important event.”
In particular, exposure of the ICCID, the 19-digit international code that uniquely identifies the SIM, could be particularly dangerous, as it would allow an attacker to carry out a SIM swap attack, in which the SIM is cloned and then used to access online services.
Once the SIM has been cloned, the attacker can also receive SMS from two-factor authentication services, widely used for services such as banks, Internet accounts, or password storage services.
It is easy to understand that it is precisely the presence of these numerous ICCID codes that makes the ho.mobile user database sold on the Dark Web (in theory) valuable.
A SIM registered in someone else's name can also be used to scam third parties and to conceal the perpetrator's identity in criminal activities based on the use of mobile phones.
The possible leak does not surprise experts. “Unfortunately, data leaks have become very common,” says cybersecurity consultant Salvatore Lombardo. “They are not always due to poor password management and storage, but also to poor implementation of DB-based web applications. This can allow injection of arbitrary queries. It is necessary for the developers to apply SQL programming that foresees a control of all possible access points to the data management file, such as forms, search pages and any other module that includes a structured query.”
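The point about controlling every place where user input reaches a structured query, shown as an added example that is not from the article or from ho.mobile's systems: a search built by string concatenation beside the same search with bound parameters, plus an allow-list for the sort column. The table, function names and sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data using the field types the article lists."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, city TEXT, phone TEXT, iccid TEXT)")
    rows = [("Mario Rossi", "Roma"), ("Anna Bianchi", "Milano"), ("Luca Verdi", "Torino")]
    for n, (name, city) in enumerate(rows, start=1):
        # Placeholder phone numbers and 19-digit ICCID-shaped strings, not real values.
        db.execute("INSERT INTO customers VALUES (?, ?, ?, ?)",
                   (name, city, f"333{n:07d}", f"8939{n:015d}"))
    return db

def search_concatenated(db, city):
    """Weak form: the form value becomes part of the SQL text itself."""
    sql = "SELECT name FROM customers WHERE city = '" + city + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, city):
    """Hardened form: the value is bound as data and cannot alter the query."""
    return db.execute("SELECT name FROM customers WHERE city = ?", (city,)).fetchall()

# Column names cannot be bound as parameters, so they go through an allow-list.
SORTABLE = {"name": "name", "city": "city"}

def search_sorted(db, city, sort_by):
    column = SORTABLE.get(sort_by)
    if column is None:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = f"SELECT name FROM customers WHERE city = ? ORDER BY {column}"
    return db.execute(sql, (city,)).fetchall()

# Constructed input: a quote character that turns the filter into a tautology.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_concatenated(db, CRAFTED))   # every row comes back
    print("parameterized:", search_parameterized(db, CRAFTED))  # no city has that name
    print("sorted       :", search_sorted(db, "Roma", "name"))
```

The same review applies to every form, search page and report that builds a query: values are bound, and anything that cannot be bound (column or table names) is chosen from a fixed list.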
The risks users would run
“If confirmed, this leak would certainly have significant proportions for several reasons. First of all, because it contains data related to telephone users, which today are used by services, portals and even banks as a tool to identify and retrieve access codes,” explains Dal Checco. “Among these data, according to what was published on Pastebin, would also be the ICCID code, which is a kind of ‘chassis number’ of the SIM card, an essential element to be able to request the migration or portability of users, especially if combined with personal data of the owner such as address, tax code, email and other relevant data.”
“Ho.mobile users could be subject to phishing campaigns in the next few hours,” adds expert Pierluigi Paganini, professor on Luiss’s master’s degree in cybersecurity in Rome. “The messages could invite them to provide the data to handle an urgent situation, for example, to avoid the line being disconnected after a ghost check. It is essential to pay attention to messages that may be sent on behalf of ho.mobile and consider only the company’s website as an official source,” Paganini continues.
How to defend yourself against SIM swap scams
“Many people ask me how to protect themselves from possible scams, if their data is in the database. Surely those who ended up in the leak of Trezor’s cryptocurrency wallet last week are more vulnerable, because by crossing the two lists it is possible to hit different types of attacks to try to steal cryptocurrencies from online wallets or to get hold of those saved on the device by phishing,” adds Dal Checco.
Their recommendations are as follows.
- Replace, at least temporarily, the phone number configured as the recovery method in the various online accounts, from banking to Paypal, from SPID to email, from Facebook to Amazon: all possible targets of SIM replacement scams.
- For those who use WhatsApp, Telegram, Messenger or other instant messaging tools and, understandably, do not want to migrate their line, it is enough to enable protection with a second authentication factor, setting a password that is required to access the account: in this way, even after taking over the SIM, the attacker will not be able to access our messages (in the case of Telegram or Messenger, which keep them in the cloud) or use our account to send and receive messages (in the case of WhatsApp, Signal or other applications that hold chats locally).
- Each of us knows what data we have given the operator. Obviously you cannot change your residence because of unconfirmed news, but the email address can be temporarily replaced with a different one, creating differences between the data in the database and the data actually in use, as a defence against possible attacks.
“However, I think that, should the news be confirmed, the operator in question will be the first to temporarily block SIM changes by imposing more controls, which among other things AGCOM a few weeks ago – in unsuspecting times – had already outlined.”